Qbot Office (OOXML) / .XLSX malware analysis — malicious · c466f456fbf5644c

MALICIOUS

Office (OOXML) / .XLSX

21.4 KB Created: 2006-09-16 00:00:00 UTC Authoring application: Microsoft Excel 14.0300

MD5: 15a6702b0580305997e34a5f1e1a31b8 SHA-1: 2767c0d8faacf5268d1b59b492f784b4fdb369e2 SHA-256: c466f456fbf5644c2c62d14ca01738e64a305f4726b96f323dd89163a8d463a4

60 Risk Score

Malware Insights

Qbot · confidence 95%

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The file is identified by ClamAV as 'Xls.Dropper.QbotDocu12020-9818439-0', strongly suggesting it is a Qbot variant designed to drop a secondary payload. As an Excel document, it likely relies on social engineering to trick the user into enabling macros, which would then execute the malicious code. The SHA256 hash is included as a primary indicator.

Heuristics 1

ClamAV: Xls.Dropper.QbotDocu12020-9818439-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Xls.Dropper.QbotDocu12020-9818439-0

Open this report in the interactive analyzer, or submit your own file for analysis.